github.phpd.cn/hashicorp/packer@v1.3.2/builder/azure/pkcs12/crypto_test.go (about)

     1  // Copyright 2015 The Go Authors. All rights reserved.
     2  // Use of this source code is governed by a BSD-style
     3  // license that can be found in the LICENSE file.
     4  
     5  package pkcs12
     6  
     7  import (
     8  	"bytes"
     9  	"crypto/rand"
    10  	"crypto/x509/pkix"
    11  	"encoding/asn1"
    12  	"io"
    13  	"testing"
    14  )
    15  
    16  var sha1WithTripleDES = asn1.ObjectIdentifier([]int{1, 2, 840, 113549, 1, 12, 1, 3})
    17  
    18  func TestPbDecrypterFor(t *testing.T) {
    19  	params, _ := asn1.Marshal(pbeParams{
    20  		Salt:       []byte{1, 2, 3, 4, 5, 6, 7, 8},
    21  		Iterations: 2048,
    22  	})
    23  	alg := pkix.AlgorithmIdentifier{
    24  		Algorithm: asn1.ObjectIdentifier([]int{1, 2, 3}),
    25  		Parameters: asn1.RawValue{
    26  			FullBytes: params,
    27  		},
    28  	}
    29  
    30  	pass, _ := bmpString("Sesame open")
    31  
    32  	_, _, err := pbDecrypterFor(alg, pass)
    33  	if _, ok := err.(NotImplementedError); !ok {
    34  		t.Errorf("expected not implemented error, got: %T %s", err, err)
    35  	}
    36  
    37  	alg.Algorithm = sha1WithTripleDES
    38  	cbc, blockSize, err := pbDecrypterFor(alg, pass)
    39  	if err != nil {
    40  		t.Errorf("unexpected error from pbDecrypterFor %v", err)
    41  	}
    42  	if blockSize != 8 {
    43  		t.Errorf("unexpected block size %d, wanted 8", blockSize)
    44  	}
    45  
    46  	plaintext := []byte{1, 2, 3, 4, 5, 6, 7, 8}
    47  	expectedCiphertext := []byte{185, 73, 135, 249, 137, 1, 122, 247}
    48  	ciphertext := make([]byte, len(plaintext))
    49  	cbc.CryptBlocks(ciphertext, plaintext)
    50  
    51  	if bytes.Compare(ciphertext, expectedCiphertext) != 0 {
    52  		t.Errorf("bad ciphertext, got %x but wanted %x", ciphertext, expectedCiphertext)
    53  	}
    54  }
    55  
    56  var pbDecryptTests = []struct {
    57  	in            []byte
    58  	expected      []byte
    59  	expectedError error
    60  }{
    61  	{
    62  		[]byte("\x33\x73\xf3\x9f\xda\x49\xae\xfc\xa0\x9a\xdf\x5a\x58\xa0\xea\x46"), // 7 padding bytes
    63  		[]byte("A secret!"),
    64  		nil,
    65  	},
    66  	{
    67  		[]byte("\x33\x73\xf3\x9f\xda\x49\xae\xfc\x96\x24\x2f\x71\x7e\x32\x3f\xe7"), // 8 padding bytes
    68  		[]byte("A secret"),
    69  		nil,
    70  	},
    71  	{
    72  		[]byte("\x35\x0c\xc0\x8d\xab\xa9\x5d\x30\x7f\x9a\xec\x6a\xd8\x9b\x9c\xd9"), // 9 padding bytes, incorrect
    73  		nil,
    74  		ErrDecryption,
    75  	},
    76  	{
    77  		[]byte("\xb2\xf9\x6e\x06\x60\xae\x20\xcf\x08\xa0\x7b\xd9\x6b\x20\xef\x41"), // incorrect padding bytes: [ ... 0x04 0x02 ]
    78  		nil,
    79  		ErrDecryption,
    80  	},
    81  }
    82  
    83  func TestPbDecrypt(t *testing.T) {
    84  	salt := []byte("\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8")
    85  
    86  	for i, test := range pbDecryptTests {
    87  		decryptable := makeTestDecryptable(test.in, salt)
    88  		password, _ := bmpString("sesame")
    89  
    90  		plaintext, err := pbDecrypt(decryptable, password)
    91  		if err != test.expectedError {
    92  			t.Errorf("#%d: got error %q, but wanted %q", i, err, test.expectedError)
    93  			continue
    94  		}
    95  
    96  		if !bytes.Equal(plaintext, test.expected) {
    97  			t.Errorf("#%d: got %x, but wanted %x", i, plaintext, test.expected)
    98  		}
    99  	}
   100  }
   101  
   102  func TestRoundTripPkc12EncryptDecrypt(t *testing.T) {
   103  	salt := []byte{0xfe, 0xee, 0xfa, 0xce}
   104  	password := salt
   105  
   106  	// Sweep the possible padding lengths
   107  	for i := 0; i < 9; i++ {
   108  		bs := make([]byte, i)
   109  		_, err := io.ReadFull(rand.Reader, bs)
   110  		if err != nil {
   111  			t.Fatalf("failed to read: %s", err)
   112  		}
   113  
   114  		cipherText, err := pbEncrypt(bs, salt, password, 4096)
   115  		if err != nil {
   116  			t.Fatalf("failed to encrypt: %s\n", err)
   117  		}
   118  
   119  		if len(cipherText)%8 != 0 {
   120  			t.Fatalf("plain text was not padded as expected")
   121  		}
   122  
   123  		decryptable := makeTestDecryptable(cipherText, salt)
   124  		plainText, err := pbDecrypt(decryptable, password)
   125  		if err != nil {
   126  			t.Fatalf("failed to decrypt: %s\n", err)
   127  		}
   128  
   129  		if !bytes.Equal(bs, plainText) {
   130  			t.Fatalf("got %x, but wanted %x", bs, plainText)
   131  		}
   132  	}
   133  }
   134  
   135  func makeTestDecryptable(bytes, salt []byte) testDecryptable {
   136  	decryptable := testDecryptable{
   137  		data: bytes,
   138  		algorithm: pkix.AlgorithmIdentifier{
   139  			Algorithm: sha1WithTripleDES,
   140  			Parameters: pbeParams{
   141  				Salt:       salt,
   142  				Iterations: 4096,
   143  			}.RawASN1(),
   144  		},
   145  	}
   146  
   147  	return decryptable
   148  }
   149  
   150  type testDecryptable struct {
   151  	data      []byte
   152  	algorithm pkix.AlgorithmIdentifier
   153  }
   154  
   155  func (d testDecryptable) Algorithm() pkix.AlgorithmIdentifier { return d.algorithm }
   156  func (d testDecryptable) Data() []byte                        { return d.data }
   157  
   158  func (params pbeParams) RawASN1() (raw asn1.RawValue) {
   159  	asn1Bytes, err := asn1.Marshal(params)
   160  	if err != nil {
   161  		panic(err)
   162  	}
   163  	_, err = asn1.Unmarshal(asn1Bytes, &raw)
   164  	if err != nil {
   165  		panic(err)
   166  	}
   167  	return
   168  }